DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | Kim, Yongdae | - |
dc.contributor.advisor | 김용대 | - |
dc.contributor.advisor | Yun, Insu | - |
dc.contributor.advisor | 윤인수 | - |
dc.contributor.author | Han, HyungSeok | - |
dc.date.accessioned | 2023-06-23T19:34:45Z | - |
dc.date.available | 2023-06-23T19:34:45Z | - |
dc.date.issued | 2023 | - |
dc.identifier.uri | http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=1030602&flag=dissertation | en_US |
dc.identifier.uri | http://hdl.handle.net/10203/309285 | - |
dc.description | Thesis (Ph.D.) - Korea Advanced Institute of Science and Technology : Graduate School of Information Security, 2023.2,[v, 86 p. :] | - |
dc.description.abstract | Recently, there has been much research on improving automatic vulnerability discovery (e.g., fuzzing and static analysis) by leveraging domain knowledge. Although most of this research focused on which domain knowledge to leverage, this dissertation shows that considering how to apply and represent domain knowledge also helps to enhance domain knowledge-based automatic vulnerability discovery. First, we utilize more domain knowledge. We extend previous JavaScript engine fuzzing, which uses only JavaScript syntax, to leverage a JavaScript type system and show the effectiveness of our approach. Second, we enhance discovery through more advanced adoption of domain knowledge. In particular, we improve tools for finding a kind of use-after-free bug caused by compacting garbage collection. To do so, we precisely define these use-after-free bugs and implement a new tool with tailored symbolic execution, which found bugs that the previous tools missed. Lastly, we enhance extensible static binary checking tools, which take domain knowledge as vulnerability patterns, through an analyst-friendly representation of domain knowledge. Previous tools only support patterns based on their own low-level intermediate representations, while most analysts work with decompiled code, which has high-level information such as value types. We thus propose an extensible static checking tool based on decompiled code, which can support diverse patterns and find several bugs in COTS binaries such as the Windows kernel. | - |
dc.language | eng | - |
dc.publisher | Korea Advanced Institute of Science and Technology | - |
dc.subject | Automatic vulnerability discovery; Fuzzing; Static analysis; Domain knowledge | - |
dc.subject | Automatic vulnerability detection; Fuzzing; Static analysis; Domain knowledge | - |
dc.title | Enhancing domain knowledge-based automatic vulnerability discovery | - |
dc.title.alternative | A study on improving domain knowledge-based automatic vulnerability detection | - |
dc.type | Thesis(Ph.D) | - |
dc.identifier.CNRN | 325007 | - |
dc.description.department | Korea Advanced Institute of Science and Technology : Graduate School of Information Security, | - |
dc.contributor.alternativeauthor | 한형석 | - |